Only rarely do companies allow us a look inside their organization while they are recovering from a ransomware attack. Many find it more convenient to keep a low profile or to be secretive.
A positive exception to this is found in the Dutch managed service provider (MSP) VelzArt, one of the many unfortunate victims of Friday’s enormous, cascading supply-chain attack on Kaseya. The attack used a zero-day vulnerability to create a malicious Kaseya VSA update, which spread REvil ransomware to some of the MSPs that use it, and then on to the customers of those MSPs.
3 things the Kaseya attack can teach us about ransomware recovery